{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0264", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-11-03T20:44:24.711Z", "datePublished": "2026-05-13T17:40:36.602Z", "dateUpdated": "2026-05-14T03:56:31.192Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-05-13T17:40:36.602Z"}, "title": "PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution", "datePublic": "2026-05-13T16:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cloud NGFW", "platforms": ["AWS", "Azure"], "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "PAN-OS", "versions": [{"status": "affected", "version": "12.1.0", "lessThan": "12.1.7, 12.1.4-h5", "changes": [{"at": "12.1.4-h5", "status": "unaffected"}, {"at": "12.1.7", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "11.2.0", "lessThan": "11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17", "changes": [{"at": "11.2.4-h17", "status": "unaffected"}, {"at": "11.2.7-h13", "status": "unaffected"}, {"at": "11.2.10-h6", "status": "unaffected"}, {"at": "11.2.12", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "11.1.0", "lessThan": "11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33", "changes": [{"at": "11.1.4-h33", "status": "unaffected"}, {"at": "11.1.6-h32", "status": "unaffected"}, {"at": "11.1.7-h6", "status": "unaffected"}, {"at": "11.1.10-h25", "status": "unaffected"}, {"at": "11.1.13-h5", "status": "unaffected"}, {"at": "11.1.15", "status": "unaffected"}], "versionType": "custom"}, {"status": "affected", "version": "10.2.0", "lessThan": "10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34", "changes": [{"at": "10.2.7-h34", "status": "unaffected"}, {"at": "10.2.10-h36", "status": "unaffected"}, {"at": "10.2.13-h21", "status": "unaffected"}, {"at": "10.2.16-h7", "status": "unaffected"}, {"at": "10.2.18-h6", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected", "cpes": ["cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"]}, {"vendor": "Palo Alto Networks", "product": "Prisma Access", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:a:palo_alto_networks:cloud_ngfw:all:*:aws:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:palo_alto_networks:cloud_ngfw:all:*:azure:*:*:*:*:*"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.7_12.1.4-h5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.2.0", "versionEndExcluding": "11.2.12_11.2.10-h6_11.2.7-h13_11.2.4-h17"}, {"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.1.0", "versionEndExcluding": "11.1.15_11.1.13-h5_11.1.10-h25_11.1.7-h6_11.1.6-h32_11.1.4-h33"}, {"vulnerable": true, "criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.2.0", "versionEndExcluding": "10.2.18-h6_10.2.16-h7_10.2.13-h21_10.2.10-h36_10.2.7-h34"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:a:palo_alto_networks:prisma_access:all:*:*:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS\u00ae Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only).\n\n\n\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS\u00ae Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only).<br></p><p>Panorama, Cloud NGFW, and Prisma<span>\u00ae</span> Access are not impacted by this vulnerability.</p>"}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0264", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "The risk is highest for PA-Series hardware firewalls as there is a potential risk of arbitrary code execution"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "USER", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "HIGH", "providerUrgency": "RED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/AU:Y/R:U/V:C/RE:H/U:Red"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "The risk is lower for VM-Series firewalls, as the impact is limited to a Denial of Service condition"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "AUTOMATIC", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.6, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:A/V:D/RE:M/U:Amber"}}], "configurations": [{"lang": "eng", "value": "This issue is applicable only to PAN-OS firewalls if either of the following conditions are true:\n\n 1. DNS Proxy is enabled (Network > DNS Proxy) AND a network interface is attached to DNS Proxy. \n OR\n \n 2. The DNS server (Device > Setup > Services) configured on NGFW is a compromised public untrusted IP address.\n \n \n\nThe risk is higher if the interface is externally exposed to an untrusted network. Further documentation on configuring DNS Proxy can be found here (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFcCAK).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>This issue is applicable only to PAN-OS firewalls if either of the following conditions are true:</p><ol><li>DNS Proxy is enabled (<b>Network &gt; DNS Proxy</b>)&nbsp;<b>AND </b>a network interface is attached to DNS Proxy.&nbsp;<br><b>OR</b><br></li><li>The DNS server (<b>Device</b>&nbsp;&gt;<b> Setup </b>&gt; <b>Services</b>) configured on NGFW is a compromised public untrusted IP address.<br><br></li></ol><p>The risk is higher if the interface is externally exposed to an untrusted network.&nbsp;Further documentation on <a target=\"_blank\" rel=\"nofollow\" href=\"https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFcCAK\">configuring DNS Proxy can be found here</a>.</p>"}]}], "workarounds": [{"lang": "eng", "value": "Customers can mitigate the risk of this issue by taking either of the following actions:\n\nAction 1: \n\n * Disassociate DNS Proxy from externally accessible interfaces in order to reduce your attack surface; AND\n * Configure DNS server with a RFC1918 or a public trusted IP address.\n \n\nOR Action 2:\n\n * Disable the DNS Proxy feature (Network > DNS Proxy) if it is not being used; AND\n * Configure DNS server with a RFC1918 or a public trusted IP address.\n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510027 from Applications and Threats content version 9100-10044 and later.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Customers can mitigate the risk of this issue by taking either of the following actions:<br><br>Action 1:&nbsp;<br><ul><li>Disassociate DNS Proxy from externally accessible interfaces in order to reduce your attack surface;&nbsp;<b>AND</b></li><li>Configure DNS server with a RFC1918 or a public trusted IP address.<br></li></ul><b>OR&nbsp;</b>Action 2:<br><ul><li>Disable the DNS Proxy feature (<b>Network</b>&nbsp;&gt; <b>DNS</b>&nbsp;<b>Proxy</b>) if it is not being used;&nbsp;<b>AND</b></li><li>Configure DNS server with a RFC1918 or a public trusted IP address.</li></ul><p>Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510027&nbsp;from&nbsp;Applications and Threats content version 9100-10044 and later.</p><p></p>"}]}], "solutions": [{"lang": "eng", "value": "VERSION MINOR VERSION SUGGESTED SOLUTION\nCloud NGFW No action needed\nPAN-OS 12.1 12.1.5 through 12.1.6 Upgrade to 12.1.7 or later.\n 12.1.2 through 12.1.4-h* Upgrade to 12.1.4-h5 or 12.1.7 or later.\nPAN-OS 11.2 11.2.11 or later Upgrade to 11.2.12 or later.\n 11.2.8 through 11.2.10-h* Upgrade to 11.2.10-h6 or 11.2.12 or later.\n 11.2.5 through 11.2.7-h* Upgrade to 11.2.7-h13 or 11.2.10 or later.\n 11.2.0 through 11.2.4-h* Upgrade to 11.2.4-h17 or 11.2.7 or later.\nPAN-OS 11.1 11.1.14 or later Upgrade to 11.1.15 or later.\n 11.1.11 through 11.1.13-h* Upgrade to 11.1.13-h5 or 11.1.15 or later.\n 11.1.8 through 11.1.10-h* Upgrade to 11.1.10-h25 or 11.1.15 or later.\n 11.1.7 through 11.1.7-h* Upgrade to 11.1.7-h6 or 11.1.15 or later.\n 11.1.5 through 11.1.6-h* Upgrade to 11.1.6-h32 or 11.1.15 or later.\n 11.1.0 through 11.1.4-h* Upgrade to 11.1.4-h33 or 11.1.15 or later.\nPAN-OS 10.2 10.2.17 through 10.2.18-h* Upgrade to 10.2.18-h6 or later.\n 10.2.14 through 10.2.16-h* Upgrade to 10.2.16-h7 or 10.2.18-h6 or later.\n 10.2.11 through 10.2.13-h* Upgrade to 10.2.13-h21 or 10.2.18-h6 or later.\n 10.2.8 through 10.2.10-h* Upgrade to 10.2.10-h36 or 10.2.18-h6 or later.\n 10.2.0 through 10.2.7-h* Upgrade to 10.2.7-h34 or 10.2.18-h6 or later.\nPrisma Access No action needed. \nAll older unsupported PAN-OS versions Upgrade to a supported fixed version.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<table class=\"tbl\"><thead><tr><th>Version</th><th>Minor Version</th><th>Suggested Solution</th></tr></thead><tbody><tr><td> Cloud NGFW</td><td>&nbsp;</td><td>No action needed</td></tr><tr><td>PAN-OS 12.1</td><td>12.1.5 through 12.1.6</td><td>Upgrade to 12.1.7 or later.</td></tr><tr><td><br></td><td>12.1.2 through 12.1.4-h*</td><td>Upgrade to 12.1.4-h5 or 12.1.7 or later.</td></tr><tr><td>PAN-OS 11.2</td><td>11.2.11 or later</td><td>Upgrade to 11.2.12 or later.</td></tr><tr><td><br></td><td>11.2.8 through 11.2.10-h*</td><td>Upgrade to 11.2.10-h6 or 11.2.12 or later.</td></tr><tr><td><br></td><td>11.2.5 through 11.2.7-h*</td><td>Upgrade to 11.2.7-h13 or 11.2.10 or later.</td></tr><tr><td><br></td><td>11.2.0 through 11.2.4-h*</td><td>Upgrade to 11.2.4-h17 or 11.2.7 or later.</td></tr><tr><td>PAN-OS 11.1</td><td>11.1.14 or later</td><td>Upgrade to 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.11 through 11.1.13-h*</td><td>Upgrade to 11.1.13-h5 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.8 through 11.1.10-h*</td><td>Upgrade to 11.1.10-h25 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.7 through 11.1.7-h*</td><td>Upgrade to 11.1.7-h6 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.5 through 11.1.6-h*</td><td>Upgrade to 11.1.6-h32 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.0 through 11.1.4-h*</td><td>Upgrade to 11.1.4-h33 or 11.1.15 or later.</td></tr><tr><td>PAN-OS 10.2</td><td>10.2.17 through 10.2.18-h*</td><td>Upgrade to 10.2.18-h6 or later.</td></tr><tr><td>&nbsp;</td><td>10.2.14 through 10.2.16-h*</td><td>Upgrade to 10.2.16-h7 or 10.2.18-h6 or later.</td></tr><tr><td><br></td><td>10.2.11 through 10.2.13-h*</td><td>Upgrade to 10.2.13-h21 or 10.2.18-h6 or later.</td></tr><tr><td><br></td><td>10.2.8 through 10.2.10-h*</td><td>Upgrade to 10.2.10-h36 or 10.2.18-h6 or later.</td></tr><tr><td>&nbsp;</td><td>10.2.0 through 10.2.7-h*</td><td>Upgrade to 10.2.7-h34 or 10.2.18-h6 or later.</td></tr><tr><td>Prisma Access&nbsp;</td><td><br></td><td>No action needed.&nbsp;</td></tr><tr><td> All older unsupported PAN-OS versions</td><td>&nbsp;</td><td> Upgrade to a supported fixed version.</td></tr></tbody></table>"}]}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"}]}], "timeline": [{"time": "2026-05-13T16:00:00.000Z", "lang": "en", "value": "Initial Publication."}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks an external reporter and our internal security research teams for discovering and reporting this issue.", "type": "other"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_affectedList": ["PAN-OS 12.1.6", "PAN-OS 12.1.5", "PAN-OS 12.1.4-h3", "PAN-OS 12.1.4-h2", "PAN-OS 12.1.4", "PAN-OS 12.1.3-h3", "PAN-OS 12.1.3-h1", "PAN-OS 12.1.3", "PAN-OS 12.1.2", "PAN-OS 11.2.11", "PAN-OS 11.2.10-h4", "PAN-OS 11.2.10-h3", "PAN-OS 11.2.10-h2", "PAN-OS 11.2.10-h1", "PAN-OS 11.2.10", "PAN-OS 11.2.9", "PAN-OS 11.2.8", "PAN-OS 11.2.7-h11", "PAN-OS 11.2.7-h10", "PAN-OS 11.2.7-h8", "PAN-OS 11.2.7-h7", "PAN-OS 11.2.7-h4", "PAN-OS 11.2.7-h3", "PAN-OS 11.2.7-h2", "PAN-OS 11.2.7-h1", "PAN-OS 11.2.7", "PAN-OS 11.2.6", "PAN-OS 11.2.5", "PAN-OS 11.2.4-h15", "PAN-OS 11.2.4-h14", "PAN-OS 11.2.4-h12", "PAN-OS 11.2.4-h11", "PAN-OS 11.2.4-h10", "PAN-OS 11.2.4-h9", "PAN-OS 11.2.4-h8", "PAN-OS 11.2.4-h7", "PAN-OS 11.2.4-h6", "PAN-OS 11.2.4-h5", "PAN-OS 11.2.4-h4", "PAN-OS 11.2.4-h3", "PAN-OS 11.2.4-h2", "PAN-OS 11.2.4-h1", "PAN-OS 11.2.4", "PAN-OS 11.2.3-h5", "PAN-OS 11.2.3-h4", "PAN-OS 11.2.3-h3", "PAN-OS 11.2.3-h2", "PAN-OS 11.2.3-h1", "PAN-OS 11.2.3", "PAN-OS 11.2.2-h2", "PAN-OS 11.2.2-h1", "PAN-OS 11.2.1-h1", "PAN-OS 11.2.1", "PAN-OS 11.2.0-h1", "PAN-OS 11.2.0", "PAN-OS 11.1.13-h3", "PAN-OS 11.1.13-h2", "PAN-OS 11.1.13-h1", "PAN-OS 11.1.13", "PAN-OS 11.1.12", "PAN-OS 11.1.11", "PAN-OS 11.1.10-h21", "PAN-OS 11.1.10-h12", "PAN-OS 11.1.10-h10", "PAN-OS 11.1.10-h9", "PAN-OS 11.1.10-h7", "PAN-OS 11.1.10-h5", "PAN-OS 11.1.10-h4", "PAN-OS 11.1.10-h1", "PAN-OS 11.1.10", "PAN-OS 11.1.9", "PAN-OS 11.1.8", "PAN-OS 11.1.6-h29", "PAN-OS 11.1.6-h25", "PAN-OS 11.1.6-h23", "PAN-OS 11.1.6-h22", "PAN-OS 11.1.6-h21", "PAN-OS 11.1.6-h20", "PAN-OS 11.1.6-h19", "PAN-OS 11.1.6-h18", "PAN-OS 11.1.6-h17", "PAN-OS 11.1.6-h14", "PAN-OS 11.1.6-h10", "PAN-OS 11.1.6-h7", "PAN-OS 11.1.6-h6", "PAN-OS 11.1.6-h4", "PAN-OS 11.1.6-h3", "PAN-OS 11.1.6-h2", "PAN-OS 11.1.6-h1", "PAN-OS 11.1.6", "PAN-OS 11.1.5-h1", "PAN-OS 11.1.5", "PAN-OS 11.1.4-h27", "PAN-OS 11.1.4-h25", "PAN-OS 11.1.4-h18", "PAN-OS 11.1.4-h17", "PAN-OS 11.1.4-h15", "PAN-OS 11.1.4-h13", "PAN-OS 11.1.4-h12", "PAN-OS 11.1.4-h11", "PAN-OS 11.1.4-h10", "PAN-OS 11.1.4-h9", "PAN-OS 11.1.4-h8", "PAN-OS 11.1.4-h7", "PAN-OS 11.1.4-h6", "PAN-OS 11.1.4-h5", "PAN-OS 11.1.4-h4", "PAN-OS 11.1.4-h3", "PAN-OS 11.1.4-h2", "PAN-OS 11.1.4-h1", "PAN-OS 11.1.4", "PAN-OS 11.1.3-h13", "PAN-OS 11.1.3-h12", "PAN-OS 11.1.3-h11", "PAN-OS 11.1.3-h10", "PAN-OS 11.1.3-h9", "PAN-OS 11.1.3-h8", "PAN-OS 11.1.3-h7", "PAN-OS 11.1.3-h6", "PAN-OS 11.1.3-h5", "PAN-OS 11.1.3-h4", "PAN-OS 11.1.3-h3", "PAN-OS 11.1.3-h2", "PAN-OS 11.1.3-h1", "PAN-OS 11.1.3", "PAN-OS 11.1.2-h18", "PAN-OS 11.1.2-h17", "PAN-OS 11.1.2-h16", "PAN-OS 11.1.2-h15", "PAN-OS 11.1.2-h14", "PAN-OS 11.1.2-h13", "PAN-OS 11.1.2-h12", "PAN-OS 11.1.2-h11", "PAN-OS 11.1.2-h10", "PAN-OS 11.1.2-h9", "PAN-OS 11.1.2-h8", "PAN-OS 11.1.2-h7", "PAN-OS 11.1.2-h6", "PAN-OS 11.1.2-h5", "PAN-OS 11.1.2-h4", "PAN-OS 11.1.2-h3", "PAN-OS 11.1.2-h2", "PAN-OS 11.1.2-h1", "PAN-OS 11.1.2", "PAN-OS 11.1.1-h2", "PAN-OS 11.1.1-h1", "PAN-OS 11.1.1", "PAN-OS 11.1.0-h4", "PAN-OS 11.1.0-h3", "PAN-OS 11.1.0-h2", "PAN-OS 11.1.0-h1", "PAN-OS 11.1.0", "PAN-OS 10.2.18-h1", "PAN-OS 10.2.18", "PAN-OS 10.2.17", "PAN-OS 10.2.16-h6", "PAN-OS 10.2.16-h4", "PAN-OS 10.2.16-h1", "PAN-OS 10.2.16", "PAN-OS 10.2.15", "PAN-OS 10.2.14-h1", "PAN-OS 10.2.14", "PAN-OS 10.2.13-h18", "PAN-OS 10.2.13-h16", "PAN-OS 10.2.13-h15", "PAN-OS 10.2.13-h10", "PAN-OS 10.2.13-h7", "PAN-OS 10.2.13-h5", "PAN-OS 10.2.13-h4", "PAN-OS 10.2.13-h3", "PAN-OS 10.2.13-h2", "PAN-OS 10.2.13-h1", "PAN-OS 10.2.13", "PAN-OS 10.2.12-h6", "PAN-OS 10.2.12-h5", "PAN-OS 10.2.12-h4", "PAN-OS 10.2.12-h3", "PAN-OS 10.2.12-h2", "PAN-OS 10.2.12-h1", "PAN-OS 10.2.12", "PAN-OS 10.2.11-h13", "PAN-OS 10.2.11-h12", "PAN-OS 10.2.11-h11", "PAN-OS 10.2.11-h10", "PAN-OS 10.2.11-h9", "PAN-OS 10.2.11-h8", "PAN-OS 10.2.11-h7", "PAN-OS 10.2.11-h6", "PAN-OS 10.2.11-h5", "PAN-OS 10.2.11-h4", "PAN-OS 10.2.11-h3", "PAN-OS 10.2.11-h2", "PAN-OS 10.2.11-h1", "PAN-OS 10.2.11", "PAN-OS 10.2.10-h31", "PAN-OS 10.2.10-h30", "PAN-OS 10.2.10-h27", "PAN-OS 10.2.10-h26", "PAN-OS 10.2.10-h23", "PAN-OS 10.2.10-h21", "PAN-OS 10.2.10-h18", "PAN-OS 10.2.10-h17", "PAN-OS 10.2.10-h14", "PAN-OS 10.2.10-h13", "PAN-OS 10.2.10-h12", "PAN-OS 10.2.10-h11", "PAN-OS 10.2.10-h10", "PAN-OS 10.2.10-h9", "PAN-OS 10.2.10-h8", "PAN-OS 10.2.10-h7", "PAN-OS 10.2.10-h6", "PAN-OS 10.2.10-h5", "PAN-OS 10.2.10-h4", "PAN-OS 10.2.10-h3", "PAN-OS 10.2.10-h2", "PAN-OS 10.2.10-h1", "PAN-OS 10.2.10", "PAN-OS 10.2.9-h21", "PAN-OS 10.2.9-h20", "PAN-OS 10.2.9-h19", "PAN-OS 10.2.9-h18", "PAN-OS 10.2.9-h17", "PAN-OS 10.2.9-h16", "PAN-OS 10.2.9-h15", "PAN-OS 10.2.9-h14", "PAN-OS 10.2.9-h13", "PAN-OS 10.2.9-h12", "PAN-OS 10.2.9-h11", "PAN-OS 10.2.9-h10", "PAN-OS 10.2.9-h9", "PAN-OS 10.2.9-h8", "PAN-OS 10.2.9-h7", "PAN-OS 10.2.9-h6", "PAN-OS 10.2.9-h5", "PAN-OS 10.2.9-h4", "PAN-OS 10.2.9-h3", "PAN-OS 10.2.9-h2", "PAN-OS 10.2.9-h1", "PAN-OS 10.2.9", "PAN-OS 10.2.8-h21", "PAN-OS 10.2.8-h20", "PAN-OS 10.2.8-h19", "PAN-OS 10.2.8-h18", "PAN-OS 10.2.8-h17", "PAN-OS 10.2.8-h16", "PAN-OS 10.2.8-h15", "PAN-OS 10.2.8-h14", "PAN-OS 10.2.8-h13", "PAN-OS 10.2.8-h12", "PAN-OS 10.2.8-h11", "PAN-OS 10.2.8-h10", "PAN-OS 10.2.8-h9", "PAN-OS 10.2.8-h8", "PAN-OS 10.2.8-h7", "PAN-OS 10.2.8-h6", "PAN-OS 10.2.8-h5", "PAN-OS 10.2.8-h4", "PAN-OS 10.2.8-h3", "PAN-OS 10.2.8-h2", "PAN-OS 10.2.8-h1", "PAN-OS 10.2.8", "PAN-OS 10.2.7-h32", "PAN-OS 10.2.7-h24", "PAN-OS 10.2.7-h23", "PAN-OS 10.2.7-h22", "PAN-OS 10.2.7-h21", "PAN-OS 10.2.7-h20", "PAN-OS 10.2.7-h19", "PAN-OS 10.2.7-h18", "PAN-OS 10.2.7-h17", "PAN-OS 10.2.7-h16", "PAN-OS 10.2.7-h15", "PAN-OS 10.2.7-h14", "PAN-OS 10.2.7-h13", "PAN-OS 10.2.7-h12", "PAN-OS 10.2.7-h11", "PAN-OS 10.2.7-h10", "PAN-OS 10.2.7-h9", "PAN-OS 10.2.7-h8", "PAN-OS 10.2.7-h7", "PAN-OS 10.2.7-h6", "PAN-OS 10.2.7-h5", "PAN-OS 10.2.7-h4", "PAN-OS 10.2.7-h3", "PAN-OS 10.2.7-h2", "PAN-OS 10.2.7-h1", "PAN-OS 10.2.7", "PAN-OS 10.2.6-h6", "PAN-OS 10.2.6-h5", "PAN-OS 10.2.6-h4", "PAN-OS 10.2.6-h3", "PAN-OS 10.2.6-h2", "PAN-OS 10.2.6-h1", "PAN-OS 10.2.6", "PAN-OS 10.2.5-h9", "PAN-OS 10.2.5-h8", "PAN-OS 10.2.5-h7", "PAN-OS 10.2.5-h6", "PAN-OS 10.2.5-h5", "PAN-OS 10.2.5-h4", "PAN-OS 10.2.5-h3", "PAN-OS 10.2.5-h2", "PAN-OS 10.2.5-h1", "PAN-OS 10.2.5", "PAN-OS 10.2.4-h32", "PAN-OS 10.2.4-h31", "PAN-OS 10.2.4-h30", "PAN-OS 10.2.4-h29", "PAN-OS 10.2.4-h28", "PAN-OS 10.2.4-h27", "PAN-OS 10.2.4-h26", "PAN-OS 10.2.4-h25", "PAN-OS 10.2.4-h24", "PAN-OS 10.2.4-h23", "PAN-OS 10.2.4-h22", "PAN-OS 10.2.4-h21", "PAN-OS 10.2.4-h20", "PAN-OS 10.2.4-h19", "PAN-OS 10.2.4-h18", "PAN-OS 10.2.4-h17", "PAN-OS 10.2.4-h16", "PAN-OS 10.2.4-h15", "PAN-OS 10.2.4-h14", "PAN-OS 10.2.4-h13", "PAN-OS 10.2.4-h12", "PAN-OS 10.2.4-h11", "PAN-OS 10.2.4-h10", "PAN-OS 10.2.4-h9", "PAN-OS 10.2.4-h8", "PAN-OS 10.2.4-h7", "PAN-OS 10.2.4-h6", "PAN-OS 10.2.4-h5", "PAN-OS 10.2.4-h4", "PAN-OS 10.2.4-h3", "PAN-OS 10.2.4-h2", "PAN-OS 10.2.4-h1", "PAN-OS 10.2.4", "PAN-OS 10.2.3-h14", "PAN-OS 10.2.3-h13", "PAN-OS 10.2.3-h12", "PAN-OS 10.2.3-h11", "PAN-OS 10.2.3-h10", "PAN-OS 10.2.3-h9", "PAN-OS 10.2.3-h8", "PAN-OS 10.2.3-h7", "PAN-OS 10.2.3-h6", "PAN-OS 10.2.3-h5", "PAN-OS 10.2.3-h4", "PAN-OS 10.2.3-h3", "PAN-OS 10.2.3-h2", "PAN-OS 10.2.3-h1", "PAN-OS 10.2.3", "PAN-OS 10.2.2-h6", "PAN-OS 10.2.2-h5", "PAN-OS 10.2.2-h4", "PAN-OS 10.2.2-h3", "PAN-OS 10.2.2-h2", "PAN-OS 10.2.2-h1", "PAN-OS 10.2.2", "PAN-OS 10.2.1-h3", "PAN-OS 10.2.1-h2", "PAN-OS 10.2.1-h1", "PAN-OS 10.2.1", "PAN-OS 10.2.0-h4", "PAN-OS 10.2.0-h3", "PAN-OS 10.2.0-h2", "PAN-OS 10.2.0-h1", "PAN-OS 10.2.0"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-13T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-0264"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-14T03:56:31.192Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0264", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-13T17:54:37.791407Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-13T18:23:24.239Z"}}], "cna": {"title": "PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "other", "value": "Palo Alto Networks thanks an external reporter and our internal security research teams for discovering and reporting this issue."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 7.2, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/AU:Y/R:U/V:C/RE:H/U:Red", "exploitMaturity": "UNREPORTED", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "HIGH"}, "scenarios": [{"lang": "en", "value": "The risk is highest for PA-Series hardware firewalls as there is a potential risk of arbitrary code execution"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 6.6, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:A/V:D/RE:M/U:Amber", "exploitMaturity": "UNREPORTED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "The risk is lower for VM-Series firewalls, as the impact is limited to a Denial of Service condition"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cloud NGFW", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "platforms": ["AWS", "Azure"], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"], "vendor": "Palo Alto Networks", "product": "PAN-OS", "versions": [{"status": "affected", "changes": [{"at": "12.1.4-h5", "status": "unaffected"}, {"at": "12.1.7", "status": "unaffected"}], "version": "12.1.0", "lessThan": "12.1.7, 12.1.4-h5", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "11.2.4-h17", "status": "unaffected"}, {"at": "11.2.7-h13", "status": "unaffected"}, {"at": "11.2.10-h6", "status": "unaffected"}, {"at": "11.2.12", "status": "unaffected"}], "version": "11.2.0", "lessThan": "11.2.12, 11.2.10-h6, 11.2.7-h13, 11.2.4-h17", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "11.1.4-h33", "status": "unaffected"}, {"at": "11.1.6-h32", "status": "unaffected"}, {"at": "11.1.7-h6", "status": "unaffected"}, {"at": "11.1.10-h25", "status": "unaffected"}, {"at": "11.1.13-h5", "status": "unaffected"}, {"at": "11.1.15", "status": "unaffected"}], "version": "11.1.0", "lessThan": "11.1.15, 11.1.13-h5, 11.1.10-h25, 11.1.7-h6, 11.1.6-h32, 11.1.4-h33", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "10.2.7-h34", "status": "unaffected"}, {"at": "10.2.10-h36", "status": "unaffected"}, {"at": "10.2.13-h21", "status": "unaffected"}, {"at": "10.2.16-h7", "status": "unaffected"}, {"at": "10.2.18-h6", "status": "unaffected"}], "version": "10.2.0", "lessThan": "10.2.18-h6, 10.2.16-h7, 10.2.13-h21, 10.2.10-h36, 10.2.7-h34", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Prisma Access", "versions": [{"status": "unaffected", "version": "All", "versionType": "custom"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>", "base64": false}]}], "timeline": [{"lang": "en", "time": "2026-05-13T16:00:00.000Z", "value": "Initial Publication."}], "solutions": [{"lang": "eng", "value": "VERSION MINOR VERSION SUGGESTED SOLUTION\nCloud NGFW No action needed\nPAN-OS 12.1 12.1.5 through 12.1.6 Upgrade to 12.1.7 or later.\n 12.1.2 through 12.1.4-h* Upgrade to 12.1.4-h5 or 12.1.7 or later.\nPAN-OS 11.2 11.2.11 or later Upgrade to 11.2.12 or later.\n 11.2.8 through 11.2.10-h* Upgrade to 11.2.10-h6 or 11.2.12 or later.\n 11.2.5 through 11.2.7-h* Upgrade to 11.2.7-h13 or 11.2.10 or later.\n 11.2.0 through 11.2.4-h* Upgrade to 11.2.4-h17 or 11.2.7 or later.\nPAN-OS 11.1 11.1.14 or later Upgrade to 11.1.15 or later.\n 11.1.11 through 11.1.13-h* Upgrade to 11.1.13-h5 or 11.1.15 or later.\n 11.1.8 through 11.1.10-h* Upgrade to 11.1.10-h25 or 11.1.15 or later.\n 11.1.7 through 11.1.7-h* Upgrade to 11.1.7-h6 or 11.1.15 or later.\n 11.1.5 through 11.1.6-h* Upgrade to 11.1.6-h32 or 11.1.15 or later.\n 11.1.0 through 11.1.4-h* Upgrade to 11.1.4-h33 or 11.1.15 or later.\nPAN-OS 10.2 10.2.17 through 10.2.18-h* Upgrade to 10.2.18-h6 or later.\n 10.2.14 through 10.2.16-h* Upgrade to 10.2.16-h7 or 10.2.18-h6 or later.\n 10.2.11 through 10.2.13-h* Upgrade to 10.2.13-h21 or 10.2.18-h6 or later.\n 10.2.8 through 10.2.10-h* Upgrade to 10.2.10-h36 or 10.2.18-h6 or later.\n 10.2.0 through 10.2.7-h* Upgrade to 10.2.7-h34 or 10.2.18-h6 or later.\nPrisma Access No action needed. \nAll older unsupported PAN-OS versions Upgrade to a supported fixed version.", "supportingMedia": [{"type": "text/html", "value": "<table class=\"tbl\"><thead><tr><th>Version</th><th>Minor Version</th><th>Suggested Solution</th></tr></thead><tbody><tr><td> Cloud NGFW</td><td>&nbsp;</td><td>No action needed</td></tr><tr><td>PAN-OS 12.1</td><td>12.1.5 through 12.1.6</td><td>Upgrade to 12.1.7 or later.</td></tr><tr><td><br></td><td>12.1.2 through 12.1.4-h*</td><td>Upgrade to 12.1.4-h5 or 12.1.7 or later.</td></tr><tr><td>PAN-OS 11.2</td><td>11.2.11 or later</td><td>Upgrade to 11.2.12 or later.</td></tr><tr><td><br></td><td>11.2.8 through 11.2.10-h*</td><td>Upgrade to 11.2.10-h6 or 11.2.12 or later.</td></tr><tr><td><br></td><td>11.2.5 through 11.2.7-h*</td><td>Upgrade to 11.2.7-h13 or 11.2.10 or later.</td></tr><tr><td><br></td><td>11.2.0 through 11.2.4-h*</td><td>Upgrade to 11.2.4-h17 or 11.2.7 or later.</td></tr><tr><td>PAN-OS 11.1</td><td>11.1.14 or later</td><td>Upgrade to 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.11 through 11.1.13-h*</td><td>Upgrade to 11.1.13-h5 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.8 through 11.1.10-h*</td><td>Upgrade to 11.1.10-h25 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.7 through 11.1.7-h*</td><td>Upgrade to 11.1.7-h6 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.5 through 11.1.6-h*</td><td>Upgrade to 11.1.6-h32 or 11.1.15 or later.</td></tr><tr><td><br></td><td>11.1.0 through 11.1.4-h*</td><td>Upgrade to 11.1.4-h33 or 11.1.15 or later.</td></tr><tr><td>PAN-OS 10.2</td><td>10.2.17 through 10.2.18-h*</td><td>Upgrade to 10.2.18-h6 or later.</td></tr><tr><td>&nbsp;</td><td>10.2.14 through 10.2.16-h*</td><td>Upgrade to 10.2.16-h7 or 10.2.18-h6 or later.</td></tr><tr><td><br></td><td>10.2.11 through 10.2.13-h*</td><td>Upgrade to 10.2.13-h21 or 10.2.18-h6 or later.</td></tr><tr><td><br></td><td>10.2.8 through 10.2.10-h*</td><td>Upgrade to 10.2.10-h36 or 10.2.18-h6 or later.</td></tr><tr><td>&nbsp;</td><td>10.2.0 through 10.2.7-h*</td><td>Upgrade to 10.2.7-h34 or 10.2.18-h6 or later.</td></tr><tr><td>Prisma Access&nbsp;</td><td><br></td><td>No action needed.&nbsp;</td></tr><tr><td> All older unsupported PAN-OS versions</td><td>&nbsp;</td><td> Upgrade to a supported fixed version.</td></tr></tbody></table>", "base64": false}]}], "datePublic": "2026-05-13T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2026-0264", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "eng", "value": "Customers can mitigate the risk of this issue by taking either of the following actions:\n\nAction 1: \n\n * Disassociate DNS Proxy from externally accessible interfaces in order to reduce your attack surface; AND\n * Configure DNS server with a RFC1918 or a public trusted IP address.\n \n\nOR Action 2:\n\n * Disable the DNS Proxy feature (Network > DNS Proxy) if it is not being used; AND\n * Configure DNS server with a RFC1918 or a public trusted IP address.\n\nCustomers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510027 from Applications and Threats content version 9100-10044 and later.", "supportingMedia": [{"type": "text/html", "value": "Customers can mitigate the risk of this issue by taking either of the following actions:<br><br>Action 1:&nbsp;<br><ul><li>Disassociate DNS Proxy from externally accessible interfaces in order to reduce your attack surface;&nbsp;<b>AND</b></li><li>Configure DNS server with a RFC1918 or a public trusted IP address.<br></li></ul><b>OR&nbsp;</b>Action 2:<br><ul><li>Disable the DNS Proxy feature (<b>Network</b>&nbsp;&gt; <b>DNS</b>&nbsp;<b>Proxy</b>) if it is not being used;&nbsp;<b>AND</b></li><li>Configure DNS server with a RFC1918 or a public trusted IP address.</li></ul><p>Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510027&nbsp;from&nbsp;Applications and Threats content version 9100-10044 and later.</p><p></p>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS\u00ae Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only).\n\n\n\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "<p>A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS\u00ae Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only).<br></p><p>Panorama, Cloud NGFW, and Prisma<span>\u00ae</span> Access are not impacted by this vulnerability.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "configurations": [{"lang": "eng", "value": "This issue is applicable only to PAN-OS firewalls if either of the following conditions are true:\n\n 1. DNS Proxy is enabled (Network > DNS Proxy) AND a network interface is attached to DNS Proxy. \n OR\n \n 2. The DNS server (Device > Setup > Services) configured on NGFW is a compromised public untrusted IP address.\n \n \n\nThe risk is higher if the interface is externally exposed to an untrusted network. Further documentation on configuring DNS Proxy can be found here (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFcCAK).", "supportingMedia": [{"type": "text/html", "value": "<p>This issue is applicable only to PAN-OS firewalls if either of the following conditions are true:</p><ol><li>DNS Proxy is enabled (<b>Network &gt; DNS Proxy</b>)&nbsp;<b>AND </b>a network interface is attached to DNS Proxy.&nbsp;<br><b>OR</b><br></li><li>The DNS server (<b>Device</b>&nbsp;&gt;<b> Setup </b>&gt; <b>Services</b>) configured on NGFW is a compromised public untrusted IP address.<br><br></li></ol><p>The risk is higher if the interface is externally exposed to an untrusted network.&nbsp;Further documentation on <a target=\"_blank\" rel=\"nofollow\" href=\"https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFcCAK\">configuring DNS Proxy can be found here</a>.</p>", "base64": false}]}], "x_affectedList": ["PAN-OS 12.1.6", "PAN-OS 12.1.5", "PAN-OS 12.1.4-h3", "PAN-OS 12.1.4-h2", "PAN-OS 12.1.4", "PAN-OS 12.1.3-h3", "PAN-OS 12.1.3-h1", "PAN-OS 12.1.3", "PAN-OS 12.1.2", "PAN-OS 11.2.11", "PAN-OS 11.2.10-h4", "PAN-OS 11.2.10-h3", "PAN-OS 11.2.10-h2", "PAN-OS 11.2.10-h1", "PAN-OS 11.2.10", "PAN-OS 11.2.9", "PAN-OS 11.2.8", "PAN-OS 11.2.7-h11", "PAN-OS 11.2.7-h10", "PAN-OS 11.2.7-h8", "PAN-OS 11.2.7-h7", "PAN-OS 11.2.7-h4", "PAN-OS 11.2.7-h3", "PAN-OS 11.2.7-h2", "PAN-OS 11.2.7-h1", "PAN-OS 11.2.7", "PAN-OS 11.2.6", "PAN-OS 11.2.5", "PAN-OS 11.2.4-h15", "PAN-OS 11.2.4-h14", "PAN-OS 11.2.4-h12", "PAN-OS 11.2.4-h11", "PAN-OS 11.2.4-h10", "PAN-OS 11.2.4-h9", "PAN-OS 11.2.4-h8", "PAN-OS 11.2.4-h7", "PAN-OS 11.2.4-h6", "PAN-OS 11.2.4-h5", "PAN-OS 11.2.4-h4", "PAN-OS 11.2.4-h3", "PAN-OS 11.2.4-h2", "PAN-OS 11.2.4-h1", "PAN-OS 11.2.4", "PAN-OS 11.2.3-h5", "PAN-OS 11.2.3-h4", "PAN-OS 11.2.3-h3", "PAN-OS 11.2.3-h2", "PAN-OS 11.2.3-h1", "PAN-OS 11.2.3", "PAN-OS 11.2.2-h2", "PAN-OS 11.2.2-h1", "PAN-OS 11.2.1-h1", "PAN-OS 11.2.1", "PAN-OS 11.2.0-h1", "PAN-OS 11.2.0", "PAN-OS 11.1.13-h3", "PAN-OS 11.1.13-h2", "PAN-OS 11.1.13-h1", "PAN-OS 11.1.13", "PAN-OS 11.1.12", "PAN-OS 11.1.11", "PAN-OS 11.1.10-h21", "PAN-OS 11.1.10-h12", "PAN-OS 11.1.10-h10", "PAN-OS 11.1.10-h9", "PAN-OS 11.1.10-h7", "PAN-OS 11.1.10-h5", "PAN-OS 11.1.10-h4", "PAN-OS 11.1.10-h1", "PAN-OS 11.1.10", "PAN-OS 11.1.9", "PAN-OS 11.1.8", "PAN-OS 11.1.6-h29", "PAN-OS 11.1.6-h25", "PAN-OS 11.1.6-h23", "PAN-OS 11.1.6-h22", "PAN-OS 11.1.6-h21", "PAN-OS 11.1.6-h20", "PAN-OS 11.1.6-h19", "PAN-OS 11.1.6-h18", "PAN-OS 11.1.6-h17", "PAN-OS 11.1.6-h14", "PAN-OS 11.1.6-h10", "PAN-OS 11.1.6-h7", "PAN-OS 11.1.6-h6", "PAN-OS 11.1.6-h4", "PAN-OS 11.1.6-h3", "PAN-OS 11.1.6-h2", "PAN-OS 11.1.6-h1", "PAN-OS 11.1.6", "PAN-OS 11.1.5-h1", "PAN-OS 11.1.5", "PAN-OS 11.1.4-h27", "PAN-OS 11.1.4-h25", "PAN-OS 11.1.4-h18", "PAN-OS 11.1.4-h17", "PAN-OS 11.1.4-h15", "PAN-OS 11.1.4-h13", "PAN-OS 11.1.4-h12", "PAN-OS 11.1.4-h11", "PAN-OS 11.1.4-h10", "PAN-OS 11.1.4-h9", "PAN-OS 11.1.4-h8", "PAN-OS 11.1.4-h7", "PAN-OS 11.1.4-h6", "PAN-OS 11.1.4-h5", "PAN-OS 11.1.4-h4", "PAN-OS 11.1.4-h3", "PAN-OS 11.1.4-h2", "PAN-OS 11.1.4-h1", "PAN-OS 11.1.4", "PAN-OS 11.1.3-h13", "PAN-OS 11.1.3-h12", "PAN-OS 11.1.3-h11", "PAN-OS 11.1.3-h10", "PAN-OS 11.1.3-h9", "PAN-OS 11.1.3-h8", "PAN-OS 11.1.3-h7", "PAN-OS 11.1.3-h6", "PAN-OS 11.1.3-h5", "PAN-OS 11.1.3-h4", "PAN-OS 11.1.3-h3", "PAN-OS 11.1.3-h2", "PAN-OS 11.1.3-h1", "PAN-OS 11.1.3", "PAN-OS 11.1.2-h18", "PAN-OS 11.1.2-h17", "PAN-OS 11.1.2-h16", "PAN-OS 11.1.2-h15", "PAN-OS 11.1.2-h14", "PAN-OS 11.1.2-h13", "PAN-OS 11.1.2-h12", "PAN-OS 11.1.2-h11", "PAN-OS 11.1.2-h10", "PAN-OS 11.1.2-h9", "PAN-OS 11.1.2-h8", "PAN-OS 11.1.2-h7", "PAN-OS 11.1.2-h6", "PAN-OS 11.1.2-h5", "PAN-OS 11.1.2-h4", "PAN-OS 11.1.2-h3", "PAN-OS 11.1.2-h2", "PAN-OS 11.1.2-h1", "PAN-OS 11.1.2", "PAN-OS 11.1.1-h2", "PAN-OS 11.1.1-h1", "PAN-OS 11.1.1", "PAN-OS 11.1.0-h4", "PAN-OS 11.1.0-h3", "PAN-OS 11.1.0-h2", "PAN-OS 11.1.0-h1", "PAN-OS 11.1.0", "PAN-OS 10.2.18-h1", "PAN-OS 10.2.18", "PAN-OS 10.2.17", "PAN-OS 10.2.16-h6", "PAN-OS 10.2.16-h4", "PAN-OS 10.2.16-h1", "PAN-OS 10.2.16", "PAN-OS 10.2.15", "PAN-OS 10.2.14-h1", "PAN-OS 10.2.14", "PAN-OS 10.2.13-h18", "PAN-OS 10.2.13-h16", "PAN-OS 10.2.13-h15", "PAN-OS 10.2.13-h10", "PAN-OS 10.2.13-h7", "PAN-OS 10.2.13-h5", "PAN-OS 10.2.13-h4", "PAN-OS 10.2.13-h3", "PAN-OS 10.2.13-h2", "PAN-OS 10.2.13-h1", "PAN-OS 10.2.13", "PAN-OS 10.2.12-h6", "PAN-OS 10.2.12-h5", "PAN-OS 10.2.12-h4", "PAN-OS 10.2.12-h3", "PAN-OS 10.2.12-h2", "PAN-OS 10.2.12-h1", "PAN-OS 10.2.12", "PAN-OS 10.2.11-h13", "PAN-OS 10.2.11-h12", "PAN-OS 10.2.11-h11", "PAN-OS 10.2.11-h10", "PAN-OS 10.2.11-h9", "PAN-OS 10.2.11-h8", "PAN-OS 10.2.11-h7", "PAN-OS 10.2.11-h6", "PAN-OS 10.2.11-h5", "PAN-OS 10.2.11-h4", "PAN-OS 10.2.11-h3", "PAN-OS 10.2.11-h2", "PAN-OS 10.2.11-h1", "PAN-OS 10.2.11", "PAN-OS 10.2.10-h31", "PAN-OS 10.2.10-h30", "PAN-OS 10.2.10-h27", "PAN-OS 10.2.10-h26", "PAN-OS 10.2.10-h23", "PAN-OS 10.2.10-h21", "PAN-OS 10.2.10-h18", "PAN-OS 10.2.10-h17", "PAN-OS 10.2.10-h14", "PAN-OS 10.2.10-h13", "PAN-OS 10.2.10-h12", "PAN-OS 10.2.10-h11", "PAN-OS 10.2.10-h10", "PAN-OS 10.2.10-h9", "PAN-OS 10.2.10-h8", "PAN-OS 10.2.10-h7", "PAN-OS 10.2.10-h6", "PAN-OS 10.2.10-h5", "PAN-OS 10.2.10-h4", "PAN-OS 10.2.10-h3", "PAN-OS 10.2.10-h2", "PAN-OS 10.2.10-h1", "PAN-OS 10.2.10", "PAN-OS 10.2.9-h21", "PAN-OS 10.2.9-h20", "PAN-OS 10.2.9-h19", "PAN-OS 10.2.9-h18", "PAN-OS 10.2.9-h17", "PAN-OS 10.2.9-h16", "PAN-OS 10.2.9-h15", "PAN-OS 10.2.9-h14", "PAN-OS 10.2.9-h13", "PAN-OS 10.2.9-h12", "PAN-OS 10.2.9-h11", "PAN-OS 10.2.9-h10", "PAN-OS 10.2.9-h9", "PAN-OS 10.2.9-h8", "PAN-OS 10.2.9-h7", "PAN-OS 10.2.9-h6", "PAN-OS 10.2.9-h5", "PAN-OS 10.2.9-h4", "PAN-OS 10.2.9-h3", "PAN-OS 10.2.9-h2", "PAN-OS 10.2.9-h1", "PAN-OS 10.2.9", "PAN-OS 10.2.8-h21", "PAN-OS 10.2.8-h20", "PAN-OS 10.2.8-h19", "PAN-OS 10.2.8-h18", "PAN-OS 10.2.8-h17", "PAN-OS 10.2.8-h16", "PAN-OS 10.2.8-h15", "PAN-OS 10.2.8-h14", "PAN-OS 10.2.8-h13", "PAN-OS 10.2.8-h12", "PAN-OS 10.2.8-h11", "PAN-OS 10.2.8-h10", "PAN-OS 10.2.8-h9", "PAN-OS 10.2.8-h8", "PAN-OS 10.2.8-h7", "PAN-OS 10.2.8-h6", "PAN-OS 10.2.8-h5", "PAN-OS 10.2.8-h4", "PAN-OS 10.2.8-h3", "PAN-OS 10.2.8-h2", "PAN-OS 10.2.8-h1", "PAN-OS 10.2.8", "PAN-OS 10.2.7-h32", "PAN-OS 10.2.7-h24", "PAN-OS 10.2.7-h23", "PAN-OS 10.2.7-h22", "PAN-OS 10.2.7-h21", "PAN-OS 10.2.7-h20", "PAN-OS 10.2.7-h19", "PAN-OS 10.2.7-h18", "PAN-OS 10.2.7-h17", "PAN-OS 10.2.7-h16", "PAN-OS 10.2.7-h15", "PAN-OS 10.2.7-h14", "PAN-OS 10.2.7-h13", "PAN-OS 10.2.7-h12", "PAN-OS 10.2.7-h11", "PAN-OS 10.2.7-h10", "PAN-OS 10.2.7-h9", "PAN-OS 10.2.7-h8", "PAN-OS 10.2.7-h7", "PAN-OS 10.2.7-h6", "PAN-OS 10.2.7-h5", "PAN-OS 10.2.7-h4", "PAN-OS 10.2.7-h3", "PAN-OS 10.2.7-h2", "PAN-OS 10.2.7-h1", "PAN-OS 10.2.7", "PAN-OS 10.2.6-h6", "PAN-OS 10.2.6-h5", "PAN-OS 10.2.6-h4", "PAN-OS 10.2.6-h3", "PAN-OS 10.2.6-h2", "PAN-OS 10.2.6-h1", "PAN-OS 10.2.6", "PAN-OS 10.2.5-h9", "PAN-OS 10.2.5-h8", "PAN-OS 10.2.5-h7", "PAN-OS 10.2.5-h6", "PAN-OS 10.2.5-h5", "PAN-OS 10.2.5-h4", "PAN-OS 10.2.5-h3", "PAN-OS 10.2.5-h2", "PAN-OS 10.2.5-h1", "PAN-OS 10.2.5", "PAN-OS 10.2.4-h32", "PAN-OS 10.2.4-h31", "PAN-OS 10.2.4-h30", "PAN-OS 10.2.4-h29", "PAN-OS 10.2.4-h28", "PAN-OS 10.2.4-h27", "PAN-OS 10.2.4-h26", "PAN-OS 10.2.4-h25", "PAN-OS 10.2.4-h24", "PAN-OS 10.2.4-h23", "PAN-OS 10.2.4-h22", "PAN-OS 10.2.4-h21", "PAN-OS 10.2.4-h20", "PAN-OS 10.2.4-h19", "PAN-OS 10.2.4-h18", "PAN-OS 10.2.4-h17", "PAN-OS 10.2.4-h16", "PAN-OS 10.2.4-h15", "PAN-OS 10.2.4-h14", "PAN-OS 10.2.4-h13", "PAN-OS 10.2.4-h12", "PAN-OS 10.2.4-h11", "PAN-OS 10.2.4-h10", "PAN-OS 10.2.4-h9", "PAN-OS 10.2.4-h8", "PAN-OS 10.2.4-h7", "PAN-OS 10.2.4-h6", "PAN-OS 10.2.4-h5", "PAN-OS 10.2.4-h4", "PAN-OS 10.2.4-h3", "PAN-OS 10.2.4-h2", "PAN-OS 10.2.4-h1", "PAN-OS 10.2.4", "PAN-OS 10.2.3-h14", "PAN-OS 10.2.3-h13", "PAN-OS 10.2.3-h12", "PAN-OS 10.2.3-h11", "PAN-OS 10.2.3-h10", "PAN-OS 10.2.3-h9", "PAN-OS 10.2.3-h8", "PAN-OS 10.2.3-h7", "PAN-OS 10.2.3-h6", "PAN-OS 10.2.3-h5", "PAN-OS 10.2.3-h4", "PAN-OS 10.2.3-h3", "PAN-OS 10.2.3-h2", "PAN-OS 10.2.3-h1", "PAN-OS 10.2.3", "PAN-OS 10.2.2-h6", "PAN-OS 10.2.2-h5", "PAN-OS 10.2.2-h4", "PAN-OS 10.2.2-h3", "PAN-OS 10.2.2-h2", "PAN-OS 10.2.2-h1", "PAN-OS 10.2.2", "PAN-OS 10.2.1-h3", "PAN-OS 10.2.1-h2", "PAN-OS 10.2.1-h1", "PAN-OS 10.2.1", "PAN-OS 10.2.0-h4", "PAN-OS 10.2.0-h3", "PAN-OS 10.2.0-h2", "PAN-OS 10.2.0-h1", "PAN-OS 10.2.0"], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:cloud_ngfw:all:*:aws:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:palo_alto_networks:cloud_ngfw:all:*:azure:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "12.1.7_12.1.4-h5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.2.12_11.2.10-h6_11.2.7-h13_11.2.4-h17", "versionStartIncluding": "11.2.0"}, {"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.1.15_11.1.13-h5_11.1.10-h25_11.1.7-h6_11.1.6-h32_11.1.4-h33", "versionStartIncluding": "11.1.0"}, {"criteria": "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.2.18-h6_10.2.16-h7_10.2.13-h21_10.2.10-h36_10.2.7-h34", "versionStartIncluding": "10.2.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:palo_alto_networks:prisma_access:all:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2026-05-13T17:40:36.602Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0264", "state": "PUBLISHED", "dateUpdated": "2026-05-14T03:56:31.192Z", "dateReserved": "2025-11-03T20:44:24.711Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2026-05-13T17:40:36.602Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS\u00ae Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only).\n\n\n\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access are not impacted by this vulnerability."}], "id": "CVE-2026-0264", "lastModified": "2026-05-13T18:17:47.830", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:H/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "HIGH"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2026-05-13T18:16:14.283", "references": [{"source": "psirt@paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/CVE-2026-0264"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["aws", "azure"], "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Cloud NGFW", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "cloud_ngfw", "vendor": "palo_alto_networks"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[12.1.0,12.1.4-h5)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[12.1.4-h5,12.1.7)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[12.1.7,*]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.2.0,11.2.4-h17)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[11.2.4-h17,11.2.7-h13)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[11.2.7-h13,11.2.10-h6)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[11.2.10-h6,11.2.12)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.1.0,11.1.4-h33)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[11.1.4-h33,11.1.6-h32)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[11.1.6-h32,11.1.7-h6)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[11.1.7-h6,11.1.10-h25)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[11.1.10-h25,11.1.13-h5)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[11.1.13-h5,11.1.15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.2.0,10.2.7-h34)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[10.2.7-h34,10.2.10-h36)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[10.2.10-h36,10.2.13-h21)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[10.2.13-h21,10.2.16-h7)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[10.2.16-h7,10.2.18-h6)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[10.2.18-h6,*]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "PAN-OS", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "pan-os", "vendor": "palo_alto_networks"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Prisma Access", "source": "cna", "vendor": "Palo Alto Networks"}, "product": "prisma_access", "vendor": "palo_alto_networks"}], "created": "2026-05-13T20:00:04.257319+00:00", "updated": "2026-05-13T21:45:04.995908+00:00", "vendors": ["palo_alto_networks", "palo_alto_networks$PRODUCT$cloud_ngfw", "palo_alto_networks$PRODUCT$pan-os", "palo_alto_networks$PRODUCT$prisma_access"]}